Free Malware Removal Forum

Welcome to MalwareRemoval.com,What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.

The instructions being given are for YOUR computer and system only!Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!

You must have Administrator rights, permissions for this computer.

DO NOT run any other fix or removal tools unless instructed to do so!

DO NOT install any other software (or hardware) during the cleaning process until we are done as well as DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched. Extra Additions and Removals of files make the analysis more difficult.

Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.

Print each set of instructions if possible - your Internet connection will not be available during some fix processes.

Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Please read all instructions carefully before executing and perform the steps, in the order given.lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Step 1.For safety reason (to have a good registry to restore if needed), I will ask you to create a System Restore Point (SRP) before most of my instructions sets...Create a System Restore Point

Right-click on Computer and select Properties.

In the left pane under Tasks please click System protection.If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".

Select System Protection, then choose Create.

In the System Restore dialog box, type a description for the restore point and then click Create again.A window will pop up with "The Restore Point was created successfully" confirmation message.

Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point... we can proceed.If you have NOT successfully created a System Restore Point... do not go any further!Please post back so we can determine why it was unsuccessful.

Step 2.Remove Program(s)

Click on Start, then click the Start Search box on the Start Menu.

Copy and paste the value below without into the open text entry box:(Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)

at HPSFConfigReader.ConfigHelper.loadXML() at HPSFConfigReader.ConfigHelper..ctor()

at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean isOnAppLoad) Source: mscorlib InnerException.Message: Could not find a part of the path 'C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\Translations\en-US\localize_en-US.xml'.

at HPSFConfigReader.ConfigHelper.loadXML() at HPSFConfigReader.ConfigHelper..ctor()

at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean isOnAppLoad) Source: mscorlib InnerException.Message: Could not find a part of the path 'C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\Translations\en-US\localize_en-US.xml'.

Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.

Highlight and copy the following entries: into SystemLook's main text entry window. (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)

Press the Look button to start the scan. Please be patient - it may take a while...When finished, a Notepad window will open with the results of the scan. A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt

Please post the contents of the SystemLook.txt file in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:

Do you have any problems executing the instructions?

Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run

Contents of the JRT.txt log file

Contents of the AdwCleaner[Sn].txt log file

Contents of the SystemLook.txt log file

Do you see any changes in computer behavior?

Thanks,pgmigg

Failure to post replies within 72 hours will result in this thread being closed

Hello pgmigg thank you for the quick reply and taking the time to help me.

Still the same

Should I understand this statement as evidence that any problems with your computer is not observed?

That is correct. I do not use this machine much, Normally when I surf the net I use a desktop running puppy linux, This machine was used for important stuff( family photos personal documents you know personal stuff) and only connects to the net for updates and to visit trusted sites such as this, I say "Normally" until my wife dropped her laptop and took this 1 until she got a new 1, Now that I have it back I am here to get it cleaned up so I can use it knowing its clean. I am used to the speed of Puppy Linux so any Windows system seems slow, But, It seems to load Pale Moon faster.

Searching for "Searchqu"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]@="ISearchQueryHelper"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]@="ISearchQueryHelper"[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]@="ISearchQueryHelper"

This machine was used for important stuff( family photos personal documents you know personal stuff) and only connects to the net for updates and to visit trusted sites such as this, I say "Normally" until my wife dropped her laptop and took this 1 until she got a new 1, Now that I have it back I am here to get it cleaned up so I can use it knowing its clean.

Actually, an absence of symptoms does not mean that everything is clear. Even one careless click may cause unpredictable consequences and results you could see already! Let continue...

Step 1.OTL - Run Fix ScriptYou should still have OTL.exe on your desktop.Important! Close all applications and windows so that you have nothing open and are at your Desktop.

Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.

Underneath Output at the top, make sure Standard Output is selected.

Highlight and copy the following entries: into the text box. (Do not include the words Code: Select all - instead of it, please click the Select all next to Code: to select the entire script.)

Let the program run unhindered and reboot the PC when it is done.When the computer reboots, and you start your usual account, a Notepad text file will appear.

Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.ESET NOD32 Online Scan

Firstly please Disable any Antivirus you have active, as shown in This topic. If active, it could impact the online scan.Do NOT use the computer while the scan is running! Make sure all other programs and windows are closed!

You need to right-click on the Internet Explorer or Firefox icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

If you using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted. Then double click on it to install.

If you using Internet Explorer please read the End User License Agreement and check the box: Yes, I accept the terms of use. Then click the green Start button.

Accept any security warnings from your browser and allow the download/installation of any required files.If your browser blocks or halts a download, please allow it to download any required files.

Under scan settings:

Check "Scan archives"

UNCHECK "Remove found threats"

Click Advanced settings and select the following:

Scan potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth technology

Click the Start button.ESET will install itself, download virus signature database updates and begin scanning your computer.The scan will take a while so please be patient. Do NOT use the computer while the scan is running!

When the scan completes, please press the text:

Press the text: , then save the file to your desktop as ESETScan.txt.

Press the Back button, then press the Finish button.

Copy and paste the contents of ESETScan.txt in your next reply.Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Please include in your next reply:

Do you have any problems executing the instructions?

Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run

Contents of the ESETScan.txt log file

Do you see any changes in computer behavior?

Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Thanks,pgmigg

Failure to post replies within 72 hours will result in this thread being closed

Your latest set of logs appear to be clean!This is my general post for when your logs show no more signs of malware. Before I give you instructions how to keep your computer clean and secure, you need to make a few additional steps.

Step 1.OTL - Run Fix ScriptYou should still have OTL on your desktop.Important! Close all applications and windows so that you have nothing open and are at your Desktop.

Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.

Copy and Paste the following code into the text box. Do not include the word Code

Hi pgmigg and thank you so much. I understand the clean up and am about to do so.

But first I must go to some adult sites and click questionable links.....LOL....just kidding.

While I was in town today I stopped by the local Office Works and got Kaspersky Internet Security 2014 for 2 years for 49 dollars. as soon as i do what you said I will install Kaspersky Internet Security 2014 update it defrag my drive and then create a clone image of my pc.

But first I must go to some adult sites and click questionable links.....LOL....just kidding.

By the way, I read somewhere that porn sites, especially if they are paid are safe in terms of viruses or other infections than the vast majority of other sites - hosts porn sites simply unprofitable to lose customers...

Please don't hesitate to ask any additional questions.

Stay Safe! pgmigg

Failure to post replies within 72 hours will result in this thread being closed

Who is online

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.